Non anonymous bind for LDAP.

2021-03-24 18:19:21 +01:00 · 2021-03-24 18:19:21 +01:00 · c1587f38c4
parent fafc5b128a
commit c1587f38c4
2 changed files with 7 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -38,6 +38,9 @@ jupyter_hub_ldap_authentication: False
 jupyter_hub_ldap_server_address: 'ldap://localhost'
 jupyter_hub_ldap_bind_dn_template: 'uid={username},ou=Users,dc=example,dc=org'
 jupyter_hub_ldap_lookup_dn: False
+jupyter_hub_ldap_anonymous_bind: True
+jupyter_hub_ldap_bind_user_dn: 'uid=jupyter,ou=Special Users,dc=example,dc=org'
+jupyter_hub_ldap_bind_user_pwd: 'use a vault'
 jupyter_hub_ldap_user_search_base: 'dc=example,dc=org'
 jupyter_hub_ldap_user_attribute: 'uid'
 jupyter_hub_ldap_user_search_filter: '(&(objectClass=posixAccount)(uid={username}))'
--- a/templates/jupyterhub_config.py.j2
+++ b/templates/jupyterhub_config.py.j2
@ -93,6 +93,10 @@ c.JupyterHub.authenticator_class = 'ldapauthenticator.LDAPAuthenticator'
 c.LDAPAuthenticator.server_address ="{{ jupyter_hub_ldap_server_address }}"
 c.LDAPAuthenticator.bind_dn_template = ["{{ jupyter_hub_ldap_bind_dn_template }}"]
 c.LDAPAuthenticator.lookup_dn = {{ jupyter_hub_ldap_lookup_dn }}
+{% if not jupyter_hub_ldap_anonymous_bind %}
+c.LDAPAuthenticator.bind_user_dn = '{{ jupyter_hub_ldap_bind_user_dn }}'
+c.LDAPAuthenticator.bind_user_password = ‘{{ jupyter_hub_ldap_bind_user_pwd }}’
+{% endif %}
 c.LDAPAuthenticator.user_search_base = '{{ jupyter_hub_ldap_user_search_base }}'
 c.LDAPAuthenticator.user_attribute = '{{ jupyter_hub_ldap_user_attribute }}'
 c.LDAPAuthenticator.search_filter = '{{ jupyter_hub_ldap_user_search_filter }}'